Me, I'd do what David suggested, and toss it all over the fence to AD, and let THEM worry about it.
You may need the idmap_rid backend to Samba as well, if you have multiple Linux systems that have to authenticate against AD; idmap_rid ensures that they all get the *same* UID for a given user. If keeping your Linux systems in sync with each other isn't a big deal (for example, if you only have one such system) it's unnecessary. This is indeed easier, as Mark says, with SLES10, which apparently makes joining an AD domain really really easy. But it's not all *that* hard to do by hand, either. Adam ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
